codeql/1.1.2.md at 66737402c20fc83b3d3a654dcccf4b26c901b100

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Files

github-actions[bot] b0d6778652 Release preparation for version 2.18.0

2024-07-08 09:10:51 +00:00

1.1.2

DataFlow queries which previously used RemoteFlowSource to define their sources have been modified to instead use ThreatModelFlowSource. This means these queries will now respect threat model configurations. The default threat model configuration is equivalent to RemoteFlowSource, so there should be no change in results for users using the default.
Added the ThreatModelFlowSource class to FlowSources.qll. The ThreatModelFlowSource class can be used to include sources which match the current threat model configuration. This is the first step in supporting threat modeling for Go.

Fixed dataflow via global variables other than via a direct write: for example, via a side-effect on a global, such as io.copy(SomeGlobal, ...) or via assignment to a field or array or slice cell of a global. This means that any data-flow query may return more results where global variables are involved.